Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 May 2015 19:39:47 +0300
From: Aleksey Cherepanov <>
Subject: Re: [core john] [Johnny] Windows event loop


On Fri, May 08, 2015 at 09:57:29AM -0400, Mathieu Laprise wrote:
> Important info from one of my last message :
> > On Windows (tested on 8.1), Johnny can't terminate cleanly the main(and
> > only) process of JtR(equivalent of unix sigterm). So, start attack/pause
> > attack don't work. However, if we use the windows equivalent of SIGKILL, it
> > works.
> > From the Qt documentation,
> > On Windows, QProces::terminate() posts a WM_CLOSE message to all toplevel
> > windows of the process and then to the main thread of the process itself. Console
> > applications on Windows that do not run an event loop, or whose event loop
> > does not handle the WM_CLOSE message, can only be terminated by
> > calling kill(). However, kill() doesn't give you a chance to do some
> > cleanup.
> I continued working on this and read A LOT of websites about this problem
> and tried a lot of solutions. Here is for example one site that talks about
> this issue
> Core-John handles CTRL_C events nicely. However, Qt sends WM_Close message
> with Process::terminate() which isn't working with console application that
> don't have windows.
> I don't seem to find a clean solution that works. So here are those that
> works so far, but I prefer to warn you in case you don't want to accept
> that kind of workarounds in your code.
> Solution 1 and 2 allows cleanup(it's like sigterm on unix)
> Solution 1) This requires modifications to john. On Windows, for
> john_main_process, create a invisible window, and an event loop on a
> separate thread which will forward WM_CLOSE event to a function in john.
> I've done a prototype(not in john) and this solution works.

It may work if Johnny will be bundled with modified john and Johnny
does not support other versions.

> Solution 2) Do like the guy named Shakta on stackoverflow. This doesn't
> require changes on John. On johnny, use AttachConsole(johnProcessId);
> GenerateConsoleCtrlEvent()
> and send a CTRL_BREAK to john. The problem is that we receive it too and
> it'll kill Johnny. So that's why we create a simple software Helper.exe
> with those 3 lines. We'll launch it and it will send the signal for us.
> This works, I've tested it too, the details are in Shakta stackoverflow's
> answer. Cons : we have a new executable that will be called by johnny.

I found that solution too, in the same stackoverflow question. I think
it may be a good solution among others. On Windows, you'll find people
with old john. So using of a patch may be an option then to make
things clearer for newer versions. But for older versions, you need
the solution, I guess.

If you AttachConsole(), can't you just send Ctrl-C?

Though it is not clear to me: does CTRL_BREAK make john to save state
on exit? Or is it just a way to kill the process?

> Solution 3) Send QProcess::kill() but that doesn't give the chance for John
> to cleanup and Solar said it's important.

John writes cracked hashes every N minutes. These N minutes will be
lost. The N is set in john.conf . It may be big or not. They said that
usually N = 10 minutes.

Johnny make modify the config to make john to write more often. Though
it may hurt performance

I am pretty sure that you've tried `taskkill` without /f to kill john
from cmd. It did not work, right?


Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.